P
US11856112B2ActiveUtilityPatentIndex 42

System, server device, and storage device

Assignee: TOSHIBA KKPriority: Sep 18, 2020Filed: Aug 30, 2021Granted: Dec 26, 2023
Est. expirySep 18, 2040(~14.2 yrs left)· nominal 20-yr term from priority
Inventors:FUJISHIRO MIKAARAMAKI YASUTOIWATA TATSUAKISAKATA HIROMIYAMANAKA TAICHIROMITO DAISUKE
H04L 9/3268
42
PatentIndex Score
0
Cited by
12
References
13
Claims

Abstract

According to one embodiment, a server device includes a memory and a processor. The memory stores verification information. The processor accepts a request to transmit a certificate number, generates information in which identification information of one of storage devices from which data is to be erased, a public key, a secret key, and the certificate number are associated with one another, transmits the certificate number, performs verification using an authenticator transmitted by the one storage device and verification information, generates, based on a result of the verification, an erasure certificate that includes the identification information and the certificate number and is signed using the secret key, and transmits the erasure certificate.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
       1. A system comprising:
 storage devices; and 
 a server device, 
 the server device comprising: 
 a first memory storing first verification information; and 
 a first processor configured to:
 accept a request to transmit a certificate number indicating a number for identifying an erasure certificate; 
 generate information in which identification information of one of the storage devices from which data is to be erased, a public key, a secret key, and the certificate number are associated with one another; 
 transmit the certificate number; 
 verify whether an erasure completion notification transmitted by the one storage device is appropriate by using an authenticator transmitted by the one storage device and the first verification information; 
 generate, in response to the erasure completion notification being appropriate, the erasure certificate that includes the erasure completion notification transmitted by the one storage device and is signed by using the secret key; and 
 transmit the erasure certificate, and 
 
 each of the storage devices comprising: 
 a second memory storing second verification information corresponding to the first verification information; and 
 a second processor configured to:
 erase the data; and 
 transmit the erasure completion notification including the certificate number transmitted by the server device and the identification information, and the authenticator generated by using the second verification information. 
 
 
     
     
       2. The system according to  claim 1 , wherein the first processor is configured to generate the erasure certificate further including a time based on a time at which the request to transmit the certificate number is made. 
     
     
       3. The system according to  claim 2 , wherein the first processor is configured to generate the erasure certificate that further includes a time at which the erasure certificate is generated. 
     
     
       4. The system according to  claim 1 , wherein
 when a request is made to put together two or more storage devices to be erased of the storage devices, the first processor is configured to: 
 generate information in which identification information of the two or more storage devices, a public key, a secret key, and an erasure certificate number are associated with one another; and 
 verify an authenticator transmitted from each of the two or more storage devices. 
 
     
     
       5. The system according to  claim 1 , wherein the first processor is configured to generate a public key and a secret key common in a predetermined unit. 
     
     
       6. The system according to  claim 1 , wherein the second processor is configured to transmit the erasure completion notification that further includes an erasure location. 
     
     
       7. The system according to  claim 1 , wherein the second processor is configured to erase the data when receiving a data erasure preparation command and further receiving a data erasure command. 
     
     
       8. A server device for verifying erasure completion of storage devices, the server device comprising:
 a memory storing verification information; and 
 a processor configured to:
 accept a request to transmit a certificate number indicating a number for identifying an erasure certificate; 
 generate information in which identification information of one of the storage devices from which data is to be erased, a public key, a secret key, and the certificate number are associated with one another; 
 transmit the certificate number; 
 verify whether an erasure completion notification transmitted by the one storage device is appropriate by using an authenticator transmitted by the one storage device and the verification information, the erasure completion notification including the certificate number and the identification information, and the authenticator being generated by using verification information for the one storage device; 
 generate, in response to the erasure completion notification being appropriate, the erasure certificate that includes the erasure completion notification and is signed by using the secret key; and 
 transmit the erasure certificate. 
 
 
     
     
       9. The server device according to  claim 8 , wherein the processor is configured to generate the erasure certificate further including a time based on a time at which the request to transmit the certificate number is made. 
     
     
       10. The server device according to  claim 8 , wherein
 when a request is made to put together two or more storage devices to be erased of the storage devices, the processor is configured to: 
 generate information in which identification information of the two or more storage devices, a public key, a secret key, and an erasure certificate number are associated with one another; and 
 verify an authenticator transmitted from each of the two or more storage devices. 
 
     
     
       11. The server device according to  claim 8 , wherein the processor is configured to generate a public key and a secret key common in a predetermined unit. 
     
     
       12. The server device according to  claim 8 , wherein the processor is configured to generate the erasure certificate that further includes a time at which the erasure certificate is generated. 
     
     
       13. The server device according to  claim 8 , wherein the processor is configured to generate the erasure certificate that further includes an erasure location.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.